CVE-2024-10857
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 26, 2024
CWE ID 35
Summary
CVE-2024-10857 is a directory traversal vulnerability affecting the WooCommerce plugin for WordPress, versions 1.9 and below. This issue stems from insufficient validation and sanitization of input fields within the handle_downloads() function. Attackers with Contributor-level access or higher can exploit this weakness, enabling them to read arbitrary files on the server. The potential consequences of this vulnerability include the exposure of sensitive information.
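The weakness class named by CWE ID 35 (path traversal via '.../...//') comes from stripping "../" in a single pass instead of canonicalizing the path. The PHP below is an added illustration, not the plugin's handle_downloads() code: the function names, the sandbox directory and the file names are all assumptions constructed for the demo. It sets a single-pass filter beside a canonicalize-then-contain check.

```php
<?php
// Added illustration of the CWE-35 weakness class; not the plugin's handle_downloads() code.
// All directory and file names below are constructed for the demo.

// Weak filter: one pass of stripping "../" leaves a new "../" behind for ".../...//".
function strip_once(string $name): string {
    return str_replace('../', '', $name);
}

// Hardened check: canonicalize first, then require the result to sit under the base directory.
function resolve_download(string $baseDir, string $requested): ?string {
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null; // missing file or not a regular file
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sandbox: <tmp>/downloads/report.txt is allowed, <tmp>/secret.txt is not.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cwe35_demo_' . bin2hex(random_bytes(4));
$downloads = $root . DIRECTORY_SEPARATOR . 'downloads';
mkdir($downloads, 0700, true);
file_put_contents($downloads . DIRECTORY_SEPARATOR . 'report.txt', 'public');
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.txt', 'private');

foreach (['report.txt', '../secret.txt', '.../...//secret.txt'] as $input) {
    $filtered = strip_once($input);
    $weakPath = $downloads . DIRECTORY_SEPARATOR . $filtered;
    $weak = is_file($weakPath) ? file_get_contents($weakPath) : 'not found';
    $safe = resolve_download($downloads, $input);
    printf("%-22s filtered=%-16s weak=%-10s hardened=%s\n",
        $input, $filtered, $weak, $safe === null ? 'rejected' : 'served');
}

// Clean up the sandbox.
unlink($downloads . DIRECTORY_SEPARATOR . 'report.txt');
unlink($root . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($downloads);
rmdir($root);
```

The single-pass filter neutralizes the plain "../" input but rebuilds "../" from the third one, while the hardened check rejects both because it compares the resolved path against the resolved base directory.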